 | This is not a Wikipedia article: It is an individual user's work-in-progress page, and may be incomplete and/or unreliable. For guidance on developing this draft, see Wikipedia:So you made a userspace draft. Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
| Original author(s) | Dario Forte |
|---|---|
| Developer(s) | DFLabs Inc |
| Stable release | version 2.0
|
| Platform | LAMP |
| Available in | JavaScript, PHP, Perl |
| Type | Digital Forensics |
| Website | http://ptk.dflabs.com/ |
PTK Forensics (PTK) is a downloadable software tool utilized by digital forensics investigators for capturing and examining disk and memory images from computers suspected to contain evidentiary material in criminal and civil legal matters. The tool works in conjunction with The SleuthKit (TSK), an open-source forensics software apparatus widely used by investigators in that pursuit.
Functions
editTSK scans the hard drives and extracts file images from Windows, Unix and Linux systems. PTK runs as a GUI interface for TSK, acting to compile and index the disk image outputs. These outputs are then stored in a SQL database and can be searched extensively for evidence and trending pertinent to the case.
Amongst other operations, PTK handles the complex process of management and comparison of hash sets tied to the images being examined.[1] The hash algorithms employed are SHA-1 and MD5, considered to be the most widely accepted hash values for use in digital forensics[2]. This process ensures or, in some instances, disproves the consistency of the image when compared to the original.
References
editOther Products
editIncMan (Incident Manager) - http://incman.dflabs.com
DIM (Digital Investigation Management) - http://dim.dflabs.com
External links
edit